US2007283419A1PendingUtilityA1

Method and system for protecting websites from public Internet threats

Assignee: AKAMAI TECH INCPriority: Jul 9, 2002Filed: Aug 20, 2007Published: Dec 6, 2007
Est. expiryJul 9, 2022(expired)· nominal 20-yr term from priority
H04L 65/1101H04L 67/1001H04L 65/612H04L 63/1441H04L 63/0209H04L 63/0227H04L 63/101H04L 63/0263
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The present invention addresses the known vulnerabilities of Web site infrastructure by making an origin server substantially inaccessible via Internet Protocol traffic. In particular, according to a preferred embodiment, the origin server is “shielded” from the publicly-routable IP address space. Preferably, only given machines (acting as clients) can access the origin server, and then only under restricted, secure circumstances. In a preferred embodiment, these clients are the servers located in a “parent” region of a content delivery network (CDN) tiered distribution hierarchy. The invention implements an origin server shield that protects a site against security breaches and the high cost of Web site downtime by ensuring that the only traffic sent to an enterprise's origin infrastructure preferably originates from CDN servers. The inventive “shielding” technique protects a site's Web servers (as well as backend infrastructure, such as application servers, databases, and mail servers) from unauthorized intrusion—improving site uptime and in the process, customer loyalty.

Claims

exact text as granted — not AI-modified
1 . In a content delivery network (CDN) operated by a content delivery network service provider on behalf of participating content providers, the content delivery network having a set of content servers organized into regions and that provide content delivery on behalf of the participating content providers, a method, comprising: 
 having the content delivery network service provider associate an unpublished IP address with a participating content provider origin server;    restricting authorized access to the participating content provider origin server except from one or more content servers in the content delivery network; and    in response to a request associated with an end user, serving content to the end user from one of the content servers in the content delivery network in lieu of serving the content from the origin server.    
   
   
       2 . The method as described in  claim 1  wherein content servers in the content delivery network comprise a tier of a CDN cache hierarchy.  
   
   
       3 . The method as described in  claim 1  further including providing a content server in the content delivery network with the unpublished IP address via metadata.  
   
   
       4 . The method as described in  claim 1  further including providing the participating content provider origin server with a list of CDN content server regions that are authorized to request access to the participating content provider origin server.  
   
   
       5 . The method as described in  claim 1  wherein a content server in the content delivery network is configured to communicate with the participating content provider origin server on a port other than HTTP or HTTPS.  
   
   
       6 . The method as described in  claim 1  further including disabling all non-essential IP services on the participating content provider server.  
   
   
       7 . In a content delivery network (CDN) operated by a content delivery network service provider on behalf of participating content providers, the content delivery network having a set of content servers organized into regions and that provide content delivery on behalf of the participating content providers, a method, comprising: 
 associating a participating content provider origin server with a network that advertises its reachability only to one or more content servers in the content delivery network;    restricting authorized access to the participating content provider origin server except from one or more content servers in the content delivery network; and    in response to a request associated with an end user, serving content to the end user from one of the content servers in the content delivery network in lieu of serving the content from the origin server.    
   
   
       8 . The method as described in  claim 7  wherein the network advertises its reachability via one of EIGRP or OSPF.  
   
   
       9 . The method as described in  claim 7  wherein content servers in the content delivery network comprise a tier of a CDN cache hierarchy.  
   
   
       10 . The method as described in  claim 7  further including providing the participating content provider origin server with a list of CDN content server regions that are authorized to request access to the participating content provider origin server.  
   
   
       11 . The method as described in  claim 7  wherein a content server in the content delivery network is configured to communicate with the participating content provider origin server on a port other than HTTP or HTTPS.  
   
   
       12 . The method as described in  claim 7  further including disabling all non-essential IP services on the participating content provider server.

Join the waitlist — get patent alerts

Track US2007283419A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.